Issue certificates with NotBefore set 1 day prior to avoid drift/time…

…zone issues in VM
kubernetes · May 23, 2018 · 4bdba1f · 4bdba1f
1 parent 902e496
commit 4bdba1f
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/pkg/util/crypto.go b/pkg/util/crypto.go
@@ -44,7 +44,7 @@ func GenerateCACert(certPath, keyPath string, name string) error {
 		Subject: pkix.Name{
 			CommonName: name,
 		},
-		NotBefore: time.Now(),
+		NotBefore: time.Now().Add(time.Hour * -24),
 		NotAfter:  time.Now().Add(time.Hour * 24 * 365 * 10),
 
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
@@ -92,7 +92,7 @@ func GenerateSignedCert(certPath, keyPath, cn string, ips []net.IP, alternateDNS
 			CommonName:   cn,
 			Organization: []string{"system:masters"},
 		},
-		NotBefore: time.Now(),
+		NotBefore: time.Now().Add(time.Hour * -24),
 		NotAfter:  time.Now().Add(time.Hour * 24 * 365),
 
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,